new Russian IT Security updates: thanks to https://www.securitylab.ru/ and https://translate.yandex.com/ SecurityLab, [06.11.19 16:12] The Libarchive compression library, which is included by default in Debian, Ubuntu, Gentoo, Arch Linux, FreeBSD, and NetBSD distributions, contains a vulnerability that allows an attacker […]
SecurityLab, [01.11.19 15:21] Google has released fixes for two vulnerabilities in Chrome, including a zero-day vulnerability exploited in real-world attacks. The issues are fixed in browser version 78.0.3904.87 for Windows, Mac and Linux, and users are strongly advised to install […]
Make an impact! (just not on impact) how can everyone help build the city on Mars? Musk: talk about it! 🙂 write about it! spread the news! set the focus of the discussion! computer rendering of SpaceShip 2020-12: SpaceShip SN8 […]
All users are strongly encouraged to upgrade to the latest versions of PHP 7.3.11 and PHP 7.2.24. Vulnerability in PHP7 exposes sites to remote hacking risk: the problem only applies to NGINX servers with PHP-FPM enabled. A dangerous vulnerability […]
BitPaymer attack has blocked the work of the industrial giant Pilz, one of the largest manufacturers of industrial automation tools. Pilz GmbH & Co. KG: Type: GmbH & Co. KG; Industry: Automation technology; Founded: 1948; Headquarters: Ostfildern, Germany; Revenue […]
Another reason to NOT trust EVERY human task to machines… unless one wants to get killed by a robot dressed up as dinosaur. “great” X-D “Japanese travel agent H. I. S. Group ignored warnings about a vulnerability in its Tapia […]
“In the popular series of wireless keyboards Fujitsu LX390 found two dangerous vulnerabilities. According to researchers from the company SySS, exploitation of vulnerabilities allows nearby attackers to “spy” passwords entered on the keyboard, or even to seize control of the […]
Update: 2021-02 “A statement from the German Federal Criminal Police Office about their participation in Operation Ladybird said prosecutors seized 17 servers in Germany that acted as Emotet controllers.” and many bars of gold and cash were seized in Ukraine… […]
what IT can learn from nature: (src) mostly US users affected. Big Business: Big Companies and Big Money can afford Big Staff to maintain and secure their products, but they also provide Big Infrastructure (AWS, Office) and thus a single […]
THE ECB BIRD WAS HACKED! “however, the internal system of the Bank has not been compromised” the site http://www.banks-integrated-reporting-dictionary.eu/ was taken offline. It is fascinating. The Europeans probably do not even know about “what is going on” and according to ex […]
screw Qualcomm, what one wants should work out of the box with recent Linux kernels on Open Source drivers only: https://dwaves.de/2019/07/03/recommended-tested-hardware-superb-wifi-wlan-adapter-chipset-atheros-ar9285-mini-pcie-for-gnu-linux-debian-10-ubuntu-and-trisquel-8-0-test-run-on-lenovo-t440-and-librebooted-lenovo-x60s/ as far as i understand this… if you are concerned about the security of your phone… (banking apps… […]
“Linux desktop remains an unpopular choice among mainstream desktop users, making up a little more than 2% of the desktop operating system market share. This is in contrast to the web server market share, which consists of 70% of Linux-based operating systems. […]
Capitalism inspires short-sighted incentives. But trust and honesty are key in long-term relationships. So for a short period of time – some dishonest people might enjoy the benefits – but in the end – it comes home […]
don’t be evil “Google controls about 62% of mobile browsers, 69% of desktop browsers, and the operating systems on 71% of mobile devices in the world. 92% of internet searches go through Google and 73% of American adults use YouTube. […]
it might sound strange… and even if it sucks, but if you are concerned about security, call me paranoid but: your company’s critical infrastructure SHALL NOT BE REACHABLE BY WIFI! (especially not if you are running a nuclear power plant, […]
servers/clients/computers/programs/services/webservers need accurate time… they usually get it from time servers that have an atomic clock attached to their USB port. (just guessing) ping time.google.com PING time.google.com (216.239.35.4) 56(84) bytes of data. 64 bytes from time2.google.com (216.239.35.4): icmp_seq=1 ttl=46 time=43.5 […]
Pwn2Own 2020: opening a pdf can be enough to compromise a system! https://youtu.be/u1udr7j9MQA?t=359 thank you ccc you are doing lovely work – making this planet more interesting by creativity and more informed about security 🙂 keep it up 🙂 https://cdn.media.ccc.de/events/gpn/gpn19/h264-hd/gpn19-45-eng-BADPDF_-_Stealing_Windows_Credentials_via_PDF_Files_hd.mp4 […]
Update: 2020.03 “The newly developed Rowhammer attack TRRespass can crack the RAM-a security mechanism by many DDR4-DRAM-modules as well as LPDDR4 Chips. Until now, these were considered to be almost immune to Rowhammer attacks.” https://www.com-magazin.de/news/sicherheit/software-hammer-ram-schutz-attackiert-2515621.html Update: 2019.10 Zombieload is back. […]
scroll down for ENGLISH: ) OMG! Because Baltimore's IT caught a ransomware virus, citizens cannot pay their taxes and their speed-camera tickets! Wonderful! 🙂 How much effort one has to expect if one, by digitalization, […]
Google’s security lab “Project Zero” has made a name for itself. (you can subscribe to their rss feed with thunderbird.) Posted by Ben Hawkes, Project Zero (team lead) (2019-05-15) Project Zero’s team mission is to “make zero-day hard”, i.e. to make […]
20-30% of positive ratings as well as negative ratings (to make competition look bad) are fake! according to Galileo magazine this website tries to filter/debunk the fake from the real ratings: https://reviewmeta.com/
It is one of the most critical of digital infrastructures – update servers – thus vendors need to be EXTREEEEMELY careful how they run their update servers. they could get hacked and their downloads and updates get virus and backdoor […]
WARNING! It could also be US hackers that try to frame the Chinese. another reason, PayPal is clearly politically biased: 2010: PayPal Freezes WikiLeaks Account | WIRED https://www.wired.com/2010/12/paypal-wikileaks/ PayPal’s move comes amid mounting U.S. pressure against WikiLeaks over its cache […]
https://youtu.be/Z9z66ksWtlg one week downtime – they got backups and are not planning on paying the ransom. “Norwegian oil and gas and metallurgical Corporation Norsk Hydro was hit by the encoder LockerGoga — to stop the spread of malware, IT-specialists had […]
this is probably the most evil way of social engineering: fear makes a lot of money – but it can even kill already traumatized people. It works like this: criminals create fake profiles on dating sites / facebook / twitter […]
Update: 2020-03 it is very, very confusing: on the one hand the whole world is moving towards HTTPS. SecurityLab, [25.03.20 15:55] “Mozilla implements an additional HTTPS Only mode in Firefox 76, in which the browser will only accept encrypted connections, […]
“The cost to companies from malware and “malicious insider”-related cyberattacks jumped +12 percent in 2018 and accounted for one-third of all cyberattack costs, according to new research published today by Accenture and the Ponemon Institute.” src: helpnetsecurity.com logical consequence: stop […]
… this is why no usb stick and no cable can be trusted… Thunderbolt / PCI-Express is having similar issues “Abstract—Direct Memory Access (DMA) attacks have been known for many years: DMA-enabled I/O peripherals have complete access to the state of […]
Unknown stole $7.7 million in cryptocurrency EOS. 28 February, 2019. The attacker managed to steal $7.7 million in cryptocurrency EOS due to the negligence of one of the managers of a black list. Hacking became known on […]
firewall & penguin: iptables where do thou go? it is said that when using “ip-sets” iptables and nftables achieve almost the same performance (number of IPs possible to block, without the server becoming slow/unresponsive) Red Hat and nftables on DDoS “so the only […]